REMARKS

Claims 1-18 were present for examination in the above-identified
application. All claims stand rejected under 35 U.S.C. 102(e) as
anticipated by U.S. Patent 6,502,135 to Munger et al.
Additionally, the Abstract has been objected to as being too
lengthy. The Abstract has been shortened by the present amendment
to less than 150 words.

Virtual Private Networks (VPN) for establishing communication
through a Packet Network such as the internet are known. As
described in the present application (and shown by VPN definition
3 of the attached page 813 of Newton's Telecom Dictionary), a
source of information such as a user's computer encrypts,
compresses, etc. a data payload and transmits it to the internet
with the destination address of a security gateway. The packet
finds its way through the various nodes of the internet and is
delivered to the security gateway, which is the interface between
the internet and a secure network. The gateway is responsible for
accessing the payload for use on the secure network by performing
necessary VPN protocols to authenticate, decompress, decrypt, etc.
the payload (see the attached definition from Newton's Telecom
Dictionary, pg 322). Applicant's invention, as is stated in all
independent claims 1, 10 and 15, relates primarily to accessing of
the payload at an internet security gateway.

In contrast, the Munger et al. reference relates primarily to
the conveyance of packets through the nodes of the internet in
such a way that it is difficult for an "eavesdropper" to identify
all of the parts of a message and which originating terminal is
communicating with which destination terminal. The individual
TARP routers of the Munger et al. internet 107 produce, at random,
many paths for the individual message packets to take between the
originating terminal and the destination terminal. Gaining access
to the payload of messages by the TARP terminal 110, which is the
gateway of the Munger et al. system, is not discussed in detail.
For example, column 1, lines 38-45 merely states that encryption
keys may be known to the origination and destination terminals so
that data security can be maintained. Accordingly, the present
inventions and Munger et al. do not even relate to the same
aspect of VPN communication.

Applicant's claims have been amended to clarify that the
gateway function of gaining access to packet payloads is being
provided. This is a substantially different function than
randomizing the paths that packets take while traversing the
internet. Apparatus claim 1 is limited to the parts and functions
of a security gateway to gain access to the payload of a packet.
Nothing can be found in Munger et al. suggesting any relevant
detail of its gateway or destination terminal. The gateway of
claim 1, as amended, includes a plurality of protocol modules, each
of which processes packets in accordance with a different virtual
private network protocol to access the payload of a received
packet. The Examiner cites sections of Munger et al. relating to
the functions of the TARP routers which comprise the internet 107
of the Munger et al. disclosure. Nothing is disclosed therein
about the functions of the TARP routers to gain access to the
payload of packets. Instead they perform a clever algorithm to
assure randomized transmission of packets through the network.

The security gateway of applicant's claim 1 also includes a
memory storing information identifying which of the protocol
modules is to process each packet and the sequence of their
processing to gain access to the payload. No such memory is
taught or suggested by Munger et al. The Examiner refers to col
8, lines 58-61 and refers to as a look up terminal to show such a
memory. The entire paragraph from col 8, lines 51-67 clearly
indicates that each TARP terminal includes a look up table which
is used to identify where packets are to be directed through the
network. The table may be updated from time to time by connected
terminals. This is clearly not a memory in a gateway which
identifies which modules and in what sequence process packets to
gain access to the payload.

The security gateway of claim 1 as amended also includes a
protocol discriminator which, in response to the protocol sequence
information of the memory, passes a received data packet to the
appropriate protocol modules to gain access to the payload. Thus,
it is clear that the protocol discriminator is different from
anything suggested by col 8, lines 1-15 of Munger et al., which
merely describes the randomizing algorithm employed by the TARP
routers. In view of the foregoing, applicant asserts that claim 1
as amended and claims 2-9 which depend therefrom are allowable as
they now stand.

In addition to the above, claim 2 recites that each protocol
module of the gateway passes received packets back to the
discriminator module upon completion of its processing. The TARP
routers of Munger et al. may pass packets on to subsequent TARP
routers, but nothing in Munger et al. teaches or suggests sending
them back to a discriminator module. Claim 3 depends from claim 2
and further states that the discriminator module sends the data
packets received from one protocol module on to another protocol
module. The network of Munger et al. teaches or suggests no such
operation.

Claim 10 is a method claim which is similar to claim 1 and is 
asserted to be allowable for the reasons set forth above 
concerning claim 1. Claims 11-14 are also asserted to be 
allowable due to their dependence on claim 10. 

Additionally, claim 11 recites that the gateway of claim 10
accumulates the information describing the sequence of protocol
module operations during authentication of the communication.
This is different from the address updating described in Munger
et al., col 30, lines 28-33 and is undertaken for an entirely
different purpose.

Claim 15 recites a method of operating a security gateway and
has been amended to clarify that the operations are being
performed to gain access to the payloads of packets. This claim
differs from prior claims in that it sets forth a specific method
for binding payload access rules and policies to the packets to
which the rules and policies are to be applied. This claim
recognizes that the originating user has a user identity disclosed
in at least one packet and that the packets from that user will be
conveyed having an assigned IP address. Initially, a set of rules
and policies is stored in the security gateway in a way which
associates them with the identity of the user. No such step is
taught or is suggested by Munger et al. Next, a packet is
received at the security gateway and the IP address assigned to
the user is identified and, based on the user identity and the IP
address, a portion of the rules and policies is bound to the IP
address. No step of binding rules and policies which were first
stored in association with a user identity is taught or suggested
by the reference. In view of the foregoing, claim 15 as amended
is not anticipated by the Munger et al. reference. Claims 16-18
are asserted to be allowable due to their dependence on claim 15.

Applicant respectfully asserts that the rejection of claims
1-18 has been traversed for the reasons discussed above.

The Commissioner is hereby authorized to charge any
additional fees which may be required in this application under 37
C.F.R. §§1.16-1.17 during its entire pendency, or credit any
overpayment, to Deposit Account No. 06-1135. Should no proper
payment be enclosed herewith, as by a check being in the wrong
amount, unsigned, post-dated, otherwise improper or informal or
even entirely missing, the Commissioner is authorized to charge
the unpaid amount to Deposit Account No. 06-1135.



Respectfully requested,

FITCH, EVEN, TABIN & FLANNERY

Date: 1/12/05

Kenneth H. Samples
Registration No.: 25,747

120 South LaSalle Street
Suite 1600
Chicago, Illinois 60603-3406
Telephone: (312) 577-7000
Facsimile: (312) 577-7007
Garbage Can / Gateway Protocol Converter



inn and system applications such as bar code scanners, industrial microwave ovens and 
wireless monitoring of patient sensors. ISM also is used in many Wireless LANs. As the ISM
band is unlicensed, anyone can use it for anything, anywhere in the U.S. Some garage
door openers use rfrhopefuOy not me garc^eckw openers at me same h^ 
IT to numHor your puke rate in the ICU. If s a cottkll, hence the term forcoy band. 
Garbage Can What Australians call a garbage can, Americans call a trash can.
Garbage Collection A software program or routine that is used to solve memory
leaks. Garbage collection is the process of searching memory for program segments
or data that are no longer active, in order to reclaim that memory space for other
computer programs. See also Memory Leak.
Garbage In, Garbage Out GIGO. If the input data is wrong or inaccurate, the
output data will be inaccurate or wrong. GIGO is a problem with data entered by hand into
computer systems. Ask yourself how many times you've received junk mail with the
wrong spelling of your name? That's called Garbage In, Garbage Out.
Garbitrage Sending garbage from one city to another, usually organized by
garbitrageurs on the phone.

GARP 1. Growth At a Reasonable Price. An investment philosophy that focuses on
picking stocks that provide growth, but without taking significant risk. The term means
different things to different people.
2. Generic Attribute Registration Protocol

bus devices (e.g., clients, servers, and bridges) can automatic^c^ attribute
information across a bridged LAN. GARP is a Layer 2 (i.e., Data Link Layer) protocol used
extensively in VLANs (Virtual LANs). A GARP participant consists of a GARP aDpfiaifion^
ware component, and a GARP Information Declaration (GID) component which is associated
with each port of the bridge. GARP paTticiporrrs in ogives
ute information through the use of the GARP Information Propagation (GIP) component.
Relying on GARP services is GMRP (GARP Multicast Registration Protocol), which provides
a me^K^ by wfdeh bridges oikI c^

ter their membership in a group with the MAC bridges by which a physical LAN segment
attaches to the larger logical LAN. Once the bridges receive that registration intacto,
they propagate it to all other bridges that support extended filtering services. The GARP
VLAN Registration Protocol (GVRP) is a GARP application that provides registration services
in a VLAN context. See also VW

Gas The word 'gas', coined by the chemist J.B. van Helmont, is taken from the word
'chaos,' which means 'unformed' in Greek.
Gas Carbon Used for lightning protection by phone companies. In the telephone's
early days lightning often struck telephone lines, electrocuted people or burned their
houses down. Early lightning protectors were made of carbon. When hit they took phone out of
action and needed to be replaced by a technician. Newer lightning protectors are made with
a gas. When hit by lightning they temporarily short, then re-enable the phone line. This
invention has greatly reduced the number of bad lines a phone company has after a storm.
Despite their name, there is no carbon in them. Gas carbons are the same size and shape
as the older carbon protectors so they fit easily into the old slots.
Gas Pressurization A method for preventing water from entering openings in
splice closures or cable sheaths by keeping the cables under pressure with dry gas.
Gas Tube A method of protecting phone lines and phone equipment from high
voltage caused by lightning strikes. See CARBON BLOCK (another protection technology) for a
more detailed explanation. Here is a definition from American Power Conversion Corp. Gas
tube is a surge suppression device that clamps a surge voltage to a limited value. Also
called a 'spark gap', a gas tube is simply two electrodes that are held at a close distance
so that high voltages between the electrodes simply arc through the air or other gas
within the tube, thereby effectively clamping the voltage. Gas tubes are very slow, but can
handle very large surges. The main problem with the use of gas tubes in AC power circuits is
that when they clamp the surge they momentarily short out the utility line, which usually
trips the circuit breaker feeding the circuit which the tube is connected to. In this case the
opelfc of surge clamping leads directly to power interruption. They are wefl ^ louse
in data line surge suppression, but have protective clamping voltages that are too high to
provide effective protection for most modems or computer ports.

Gaseous Conductors The gases which, when ionized by an electric field, permit
the passage of an electric current.

Gate 1. This term is typically used in Automatic Call Distributors, devices used for
handling many incoming telephone calls. Gate refers to a telephone trunk or business
transaction grouping that may be handled by one group of telephone answerers (called
attendants, operators, agents or telemarketers). That one group of telephone answerers is d
'the gate.' All calls coming into that gate can, theoretically, be handled by any of thj|
phone answerers. A telephone call is homogeneous throughout the gate. An arrrormriw
distributor may have one gate — all calls coming in can be handled by everyone,^
may have many gates, each one consisting of the line (or lines) bringing the call in ;
eg Band 5 WATS, New York City foreign exchange line. Or it may have two gates^
one for orders and one for service. ACDs with multiple gates will establish rules for:n|
ing the cdk between niegotK : ^
2.Acircutt(masificon^

Gate Array A circuit consisting of an array of logic gates aligned on a substrata
piece of silicon) in a regular pattern.

Gate Assignments Used in context of ACD (Automatic Call Distribution)
ment. Gates are made up of trunks that require similar agent processing. \\MM ^
can be reassigned from one gate to another gate by the customer via the supervisory
tdcrdtfsr^strjn"^

Gate D Gateway Daemon. A popular routing software package which supports
routing protocols. Developed and maintained by the GateDaemon Consortium at

University.

Gatekeeper In the classic sense of the word, a gatekeeper is someone who b
charge of a gate. His or her job is to identify, control, count, supervise the traffic or ft
though it. A network gatekeeper provides the same fmn^
way registration, address resolution, bandwidth control, admission control, etc. A
keer^ fe a fancy name two net^^

Gateway 1. A gateway is what it sounds like. It's an entrance and exit into a
communications network. That 'communications network' may be huge, for example, qt,»;
point where AT&T Communications ends and Comsat begins — for taking my Mteite<f|v
overseas. Gateways may be small — between one LAN cari anote
gateway is an electronic repeater device that intercepts and steers electrical signals from
one network to another. Generally, the gateway i^^
out unwanted noise and control characters. In data networks, gateways are tyw^-
node on both two networks that connects two otherwise inccm^
ple, PC users on a local area network may need a gateway to gain access to a mainframe
computer since the mainframe does not speak the same language (protocols) as the%;
on the LAN. Thus, gateways on data networks often perform code and protocol conversion
processes. Gateways also eliminate duplicate wiring by giving all users on ™ "Jgi -
access to the mainframe without each having a direct, hardwired connection. Gateways
also connect compatible networks owned by different entities, such as X.25 networks
linked by X.75 gateways. Gateways are commonly used to connect people on one
network, say a token ring network, with those on a long distance network. ^™^J^
OSI model, a gateway is a device that provides mapping at all seven layers of the model.
A gateway may be used to interface between two incompatible electronic mail systems or
for transferring data files from one system to another. Electronic mail systems that run on
local area networks often have gateways into bigger email systems, flee Internet txW
Mail For example, I might use MCI Mail to send an email to someone's internal LAN e-mail.
It might travel from MCI Mail to Internet via a gateway and then from Internet via
another gateway to tteconW u mw
2. A Gateway is an optional element in an H.323 conference. Gateways bridge H.323
conferences to other networks, communications protocols, and multimedia formats. Gateways
are not required if connections to other networks or non-H.323 compliant terminals are not
needed. Gatekeepers perform two important functions which help maintain the robustness
of the network — address translation and bandwidth management. Gatekeepers map uu»
aliases to IP addresses and provide address lookups when needed. Gatekeepers also
exercise call control functions to limit the number of H.323 connections, and the total
bandwidth used by these connections, in an H.323 'zone.' A Gatekeeper is not required in an
H.323 system; however, if a Gatekeeper is present, terminals must make use of its
services. See TAR 3.0.
Gateway City A city where international calls must be routed. New York,
Washington, DC, Miami, New Orleans, and San Francisco are the five gateway cities in the

Gateway Protocol Converter GPC. An application-specific node that connects
otherwise incompatible networks or networked devices. Converts data codes and
transmission protocols to enable interoperability. Routers are capable of running gateway
protocols — we used to call routers 'gateways.' Contrast to Bridge.
Gateway Server A communications server that provides access between networks
that use different access protocols.

A«riaa 1. Enabling or disabling a signal through applied logic. If it's turned on, the sig-
!lSs through. If not, the signal doesn't get through.

— jedarUnn Hy those rations of a wave between specified time intervals 
le Ms. 



^hptween specified ompl 
Gatored To be gatored means that while surfing the Internet, you're bombarded by
0,1s. The term, according to Wired Magazine, comes from Gator, the acMeedtng app
ffi increasingly bundled with popular file sharing programs.
Gauge A term for specifying the thickness (diameter) of cables. Thicker cables have a
lower number in the American Wire Gauge (AWG) scale. Thicker gauge cables can carry
phone conversations farther and more cleanly than thinner gauge cable. But thicker cables
cost more and take up more room, especially when you bundle them together and put
them in a duct. When buying a phone system it is good to specify the thickness of the
cables that will be installed — especially if some of your extensions will be a great
distance from the central telephone switch, if you intend to carry high-speed data on them or
you intend to live with your cabling scheme for more than a few months. You should, of
course, not only specify the cable's thickness, but also whether it's stranded or solid core,
coqx e& Gauge is but one part of a cable description. See AWG for a fuller explanation.
Gauge, Wire The method of specifying the thickness and size of wire. The two
important American gauges are the American Wire Gauge (AWG), previously known as
Brown & Sharpe, and the Steel Wire Gauge. See AWG for a fuller explanation.
Gauss The unit of magnetic field intensity in terms of the lines of force per square cen- 
timeter. 

Gaussian Beam A beam pattern used to approximate the distribution of energy in
a fiber core. It can also be used to describe emission patterns from surface-emitting LEDs.
Most people would recognize it as the bell curve.

Gaussian Noise Gaussian noise, more correctly, is 'average white Gaussian
noise,' also known as 'white noise' and 'thermal noise.' It is the natural noise which
occurs when electricity is passed through a conductor, and is due to the random vibration
of electrons in the conductor. Gaussian noise is uniform across the entire range of
frequencies involved. Gaussian noise is named after Karl Friedrich Gauss (1777-1855), the
German mathematician who is generally recognized as the father of the mathematical
theory of electricity. Gauss also invented the 'Gaussian Distribution,' or 'bell curve,' which is
the frequency distribution of many natural phenomena. See White Noise for more detail.
Gazillion An extremely large, indeterminate amount. See Gigabyte.
GB Gigabyte. See Gigabyte.
GbE See Gigabit Ethernet.
GBB Group Busy How.

GBIC Gigabit Interface Connector. The physical connection to Gigabit Ethernet media. A
removable optical interface transceiver module designed to carry Gigabit Ethernet or Fibre
Channel traffic. Used as a physical-layer transport interface on Gigabit Ethernet and Fibre
Channel Fabric switches.

as Gigabits per second. Gig is one thousand million bits per second. 
C An ATM term. Generic Connection Admission Control: This is a process to determine
a lirdc toe potentially enou^

GCI A TDM (Time Division Multiplexed) bus technology developed by Siemens.
GCRA An ATM term. Generic Cell Rate Algorithm: The GCRA is used to define
conformance with respect to the traffic contract of the connection. For each cell arrival the GCRA
determmwhete

(rent the GCRA, or one or more equivalent algorithms to enforce conformance. The GCRA
is defined with two parameters: the Increment (I) and the IM
6tt Global Communications Service.
eaGreeiwichGvarrme. 

GD Graceful Discard. A Frame Term. See Committed Information Rate and Graceful
Discard.

GDDM An SNA definition: Graphical Data Display Manager (GDDM) system software
used for graphics display and printer devices and performs the same functions as QuickDraw
in Macintosh computers.

GDF Group Distribution Frame.

GDI Graphics Device Interface. The part of Windows that allows applications to draw on
screens, printers, and other output devices. The GDI provides hundreds of convenient
functions for drawing lines, circles, and polygons; rendering fonts; querying devices for their
output capabilities; and more.

Gateway Server / General Packet Radio Service

GDMO Guidelines for the Definition of Managed Objects.
GDOP See Geometric Dilution of Precision 
GE Gigabit Ethernet. See Gigabit Ethernet. 

GEANT Gigabit European Academic NeTwork. A high-speed optical fiber network
proposed to cover 30 European countries at speeds of 2.5 Gbps in 2001 and 100 Gbps by
2004. GEANT is the European version of Internet2. See also Internet.
Gearhead A geek who particularly loves new hardware. See Geek.
GEDCOM GEnealogical Data COMmunication. GEDCOM is the accepted Genealogical
Data Exchange format that allows users of different genealogy programs to exchange data.
It was first developed by the Mormon Family History Library in conjunction with the PAF
(Personal Ancestry File program). PAF may have been the basis of many of the
commercial and shareware programs available today. Genealogy research via the Internet is
pursued by millions of people. The major sites are www.R00TSWEB.com, which supposedly
has 50 million hits a month. There is also wwwJewishGen.org, which has many special
interest groups for various regions (e.g. GerSig for Germany). Major commercial sites
include wwwjuicestry.com, which seems to be buying up many of the earlier programs and
companies.
Geek A computer enthusiast who doesn't have a life beyond computers and the Internet.
Also called a TechnoGeek. Coined in the early 1940s, a geek was a camrvdpe^
ally billed as a wild man whose act often consisted of biting the heads (iff
snakes. 'Geek' has its roots in the Greek *gedc/ meaning 'fool.' See also Geek Gab and



Geek Gab 'Variety' is a weekly magazine that covers the Hollywood entertainment
business. It coined the word 'geek gab,' which it refers to as the proliferation of Web sites
claiming to put forward the latest hot news on films, studios and networks. The 'news,'
however, is often unsubstantiated rumor.
Geek Testosterone When Microsoft turned over internal company materials to
the court in Washington that was hearing its antitrust case, several people believed that
they revealed a company running on 'geek testosterone.' A geek is a computer
enthusiast who doesn't have a life beyond computers. Testosterone is the sex hormone,
C19H28O2, secreted by the testes, that stimulates the development of male sex organs,
secondary sexual traits, and sperm

Geekosphere A definition courtesy Wired Magazine: The area surrounding one's
computer where trinkets, personal mementos, toys and 'monitor pets' are displayed. A
place where computer geeks show their colors.

Geekspeak Geekspeak is the language geeks speak. A geek is a computer
enthusiast who doesn't liove am

Gender Connectors, plugs and receptacles are assigned a gender to describe their
physical type. Ones with pins are male, and those with holes into which the male pins slide are
female. See GENDER BENDER.

Gender Bender A device which changes the gender of a connector, plug or
receptacle. A gender bender is typically a small plug with all male pins on one side and all male
pirBcmrheonSerByprog^

effectively changed the female gender of the cable to male. Alternatively, a gender bender
could be remote on either side. But a gender bender must ^ .
Gender Changer Another name for a gender bender. See Gender Bender.
Genderless Connector Also called data connector or hermaphroditic connector.
Invented by IBM. The connector doesn't require male and female plugs to make a
connection. It was designed for token ring applications. It was too big and clunky for my taste.
General Availability How a product gets to market varies from one company
to another. But typically, along the way, there's something called an alpha — the first
version of hardware or softwor^

ees play with it. A beta is the next versioalfs a release ver^
(and the press) become your guinea pigs. They give you feedback. After beta, and when
the bugs are removed and the features have been fine-honed, comes 'general
availability.' That's when the product is finally available for buying by the general public.
General Call The letters CQ in the international code and used as a general inquiry call.
General Packet Radio Service GPRS. General Packet Radio Service is the
data service enhancement for GSM, the European standard digital cellular service. GPRS, a
packet-switched service which will support the X.25 and TCP/IP packet protocols, is
widely expected to be the next major step forward in the evolution of GSM technology. GPRS,
an important component in the GSM evolution entitled GSM+, enables high-speed mobile




VPIM Work Group / VPU



hops of voice mail, audio mail, e-mail, and video mail. See also LDAP, MIME, SMTP, VPIM
Work Group and www.ema Wvpimdir/mdex.htm

VPIM Work Group The goals of the Voice Profile for Internet Mail Work Group
include establishing an internationally accepted standard profile of ESMTP/MIME to allow
the interchange of voice and fax messages between voice messaging systems; ensuring
that this profile also allows interexchange with non-voice messaging MIME compatible email
systems; establishing a directory service to support lookup of the routable address; and
establishing a defined mapping specification with other voice messaging. The Group hosted
a concept demo at EMA'96, a product demonstration at EMA'97, an info booth at CT Expo
'98, and at the Fall 98 VMA Meeting in Athens. VPIM vendors are currently testing products
for compatibility with the VPIM specification. The VPIM Specification, version 2 has been
approved by the IETF as a Proposed Standard. After a long wait for its references to be
published, VPIM v2 was published as RFC 2421 in September 1998. See also VPIM.
VPL An ATM term. Virtual Path Link is a means of unidirectional transport of ATM cells
between the point where a VPI value is assigned and the point where that value is
translated or removed.

VPN Virtual Private Network. There are several definitions for VPN, and we'll go through
them in some detail. But first, we need to explain the overall concept. A VPN is not a
private network, but is virtually so. That is to say that it exhibits at least some of the
characteristics of a private network, even though it uses the resources of a public
network. True private networks absolutely guarantee access to network resources, and
security is perfect — after all, the network is a private one, comprising dedicated leased lines.
Those lines (or, more commonly today, the equivalent bandwidth) have been taken out of
shared public use and dedicated to the private use of an end user organization on the basis
of a lease arrangement. Those dedicated leased lines often go through various switching
centers (e.g., COs or POPs), but go around, rather than through, the switches. As far as
the private network is concerned, it's a wire center, rather than a switching center. The
dedicated leased lines most commonly are T-carrier or even SONET in nature, directly
interconnect two or more end user sites, and can be used for any purposes the end user desires.
The end user can run any higher-layer protocol it chooses — after all, it's a private
network. Sounds great, doesn't it? Sure, it does, but the costs are high, and the complexities
of designing and implementing such a network can be way out of proportion to the
benefits. Virtual Private Networks don't exhibit exactly the same characteristics and, therefore,
don't perform as well as true private networks, but can come pretty close...and at much
lower cost. For example, a VPN might offer priority access to bandwidth and other network
resources, whereas a true private network offers guaranteed access at all times. A VPN
might offer relatively tight security mechanisms, whereas a private network is totally
secure. Now, let's examine the specific definitions.
1. The first VPN was developed for voice networking, but subsequently 
use in data networking, as well. Also known in AT&T terminology as a Software-Defined 
Network (SDN), these original VPNs remain in wide use on both a domestic and an inter- 
national basis. Currently, they largely are used in support of voice, as Frame Relay and 
other packet network technologies have proved to be more effective in support of data 
applications. They are a public service offered by IXCs (IntereXchange Carriers) and mak- 
ing use of the circuit-switched PSTN (Public Switched Telephone Network). Originally 
known as Switched 56, the current usage of the term 'VPN' distinguishes data services 
offered by AT&T, MCI (now Worldcom) and Sprint from Switched 56/64 Kbps services 
offered by the LECs (local phone companies). Although the specifics vary by IXC, VPNs offer 
bandwidth options of 56/64 Kbps, increments of 56/64 Kbps, 384 Kbps and 1.544 
Mbps (T-1). The last two options are designed with videoconferencing in mind. VPNs pro- 
vide transmission characteristics and services similar to those of private lines, including 
network testing, priority access, and security. Access to a circuit-switched VPN is provided 
over T-carrier (e.g., T-1 or Fractional T-1) local loops, which are full-duplex, four wire, dig- 
ital circuits. As VPN services are dial-up services provided over the PSTN, they offer the 
same inherent any-to-any connectivity provided for voice calls, with the added feature of 
security through a Closed User Group (CUG). In other words, any location 
dial any other location on your VPN, but can't dial any number outside the CUG and can't 
be dialed by any number outside the CUG. VPNs also offer the advantage of the high level 
of PSTN redundancy, which translates into a high level of network resiliency. This network 
resiliency compares favorably to private, leased-line networks, which are highly susceptible 
to catastrophic failure. In fact, VPNs often are deployed as a backup to leased-line net- 
works. VPNs also are extremely effective in support of enterprise data networking in organ- 
izations with large numbers of small sites. Small locations with relatively modest commu- 
nications requirements often cannot be effectively connected to long-haul, leased-line 
networks. VPNs offer the advantages of flexibility and scalability, as sites can be added or 
deleted relatively easily, with costs maintaining a fairly reasonable relationship to enter- 
prise network functionality. The processes of network configuration (design) and reconfig- 
uration are greatly simplified as compared to a leased-line network. Provisioning time is 
also greatly reduced, thanks to the flexibility of the circuit-switched network core — the 
only dedicated portion of the VPN is the local loop, which is always dedicated, regardless 
of the network service accessed. Compared to a private network, the greatest disadvantage 
of VPNs is that all calls are priced based on a usage-sensitive algorithm much like that of 
a typical call over the PSTN. In other words, costs are calculated by duration and time of 
day, with prime-time calls being priced at a premium. Day-of-week and other special dis- 
counts also apply. Some carriers also consider distance in the pricing of VPN calls. Note, 
however, that the usage-sensitive costs of a VPN typically are a lot less than the cost-per- 
minute of a normal dial-up call over the PSTN, sensitive to factors including the number of 
sites connected, usage volume commitments, and contract length. Purely from a cost stand- 
point, leased lines are preferred for networking large sites with intensive communications 
needs. Leased line networks also can support not only data and video transmission, but 
also voice, thereby offering the advantage of integration of all communications needs over 
a single network. Access to a VPN POP (Point of Presence) can be gained directly from the 
IXC (IntereXchange Carrier), from a CAP (Competitive Access Provider), or from the LEC 
(Local Exchange Carrier). Appropriate access technologies include leased lines, Switched 
56/64, and ISDN. See also Switched 56 and Private Line. 

2. The second definition of VPN is a fairly generic one, referring to a packet data network 
service offering with some of the characteristics of a private network. Any packet data net- 
work can be used as the foundation for such a VPN, including X.25, TCP/IP, Frame Relay, 
and ATM networks. Each of these foundation networks is very different in terms of specifics, 
but they all are highly shared in terms of their basic nature. In order to provide services that 
emulate, or at least approximate, a private network over a highly shared network core, it is 
necessary to provide some additional features and mechanisms. One such feature is priority 
access to bandwidth, which cantea^ 

tousfy are intrinsic to the fundamental packet protocol (e.g., ATM) or through supplemental 
protocols (e.g., MPLS, or Multiprotocol Label Switching, which often is used in Frame Relay 
and TCP/IP networks). Security is a arTidferjture,wroch 
mechanisms such as a Closed User Group (e.g., Frame Relay) or tunneling (e.g., TCP/IP). 

3. In contemporary usage, VPN most commonly refers to an IP (Internet Protocol) VPN run- 
ning over the public Internet. While the ubiquitous nature of the Internet is a huge advan- 
tage for data networking, the Internet is inherently both insecure and subject to variable lev- 
els of congestion. In order to create a VPN over the Internet, security issues are mitigated 
through the use of a combination of authentication, encryption, and tunneling. 
Authentication is a means of access control that confirms the identity of users through pass- 
word protection or intelligent tokens, thereby reducing the possibility that unauthorized users 
might gain access to privileged internal computing or network resources. Authentication com- 
monly is the responsibility of an access server running the RADIUS (Remote Access Dial-In 
User Service) protocol, connected to an access router with embedded firewall software. 
Encryption is the process of encoding, or scrambling, of the data payload prior to transmis- 
sion in order to secure it; the decryption process depends on the receiver's possession of the 
correct key to unlock the safety mechanism. The key is known only to the transmitting and 
receiving devices. Tunneling is the process of encapsulating the encrypted payload in an IP 
packet for secure transmission. Tunneling protocols include SOCKSv5, PPTP (Point-to-Point 
Tunneling Protocol), L2TP (Layer 2 Tunneling Protocol), and IPSec (IP Security). 

The applications scenarios for IP VPNs include remote access, intranets, and extranets. Remote 
access VPNs are highly effective in support of telecommuters, mobile workers, and virtual 
employees. Intranets are used to link branch, regional, and corporate offices. Extranets link 
vendors, affiliates, distributors, agents, affiliates, and strategic partners into the main corpo- 
rate office, with the level of access afforded being sensitive to the level of privilege indicated 
by a combination of password and user ID, as properly authenticated. This definition is cour- 
tesy of Ray Horak's excellent book, "Communications Systems and Networks." See also 
Authentication, Encryption, Extranet, Firewall, Internet, Intranet, and Tunneling. 
VPOTS Very Plain Old Telephone Service. No automated switching. 
VPT Virtual Private Trunking. VPT - (as it pertains to VW) - appears as a Frame Relay or 
ATM service to the enterprise, but uses VPN technology to deliver high-availability services, 
while enabling service providers to fully optimize trunk bandwidth. See VPN. 
VPU Virtual Physical Unit. 